a timely and invaluable sourcebook on privacy issues from A to Z, crafted by Rebecca Herod, CISSP, CISA, and FLMI, a highly respected and experienced information security professional. Herod's contributors read like a Who's Who list of …
The first section, Business Organization Issues, covers policies for a number of functional areas, auditing, e-commerce issues, and related concerns at the administrative level. Technology is also addressed at a high level, as are topical concerns such as identity theft and internet activities.
Section two covers the full range of applicable tools and related technologies, including encryption/cryptography, cookies and profiling, monitoring and content filtering, wireless communications and data mining.
In the final section, US and international laws and issues are covered at a high level, but in sufficient detail to convey the salient issues. Although there are some minor gaps in this section, it was up-to-date when it was published, and the gaps can be addressed through extrapolation and other publications. The most notable gap is the absence of Sarbanes-Oxley Act Section 404 requirements related to data access and manipulation, and other assurance measures. That said, the material in this book is consistent with SOA, and the information and advice map nicely to it if you cross-reference its requirements to the business organization issues and tools and technologies sections of this book.